Jump to content


Malware Hunters
  • Content Count

  • Joined

  • Last visited


About alvarnell

  • Rank
    Macintosh Guru

Profile Information

  • Location
    Mountain View, CA, USA
  • Interests
    Honorary Member
    Macintosh Computing, Mac Malware analysis and prevention.

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. You’re more than welcome. Glad I could help.
  2. You can normally run another AV if you really want to. There have been a few conflicts in the past, but I believe that’s mostly been taken care of. Still one or two that will refuse to install unless you remove all others, but that’s more of a competition thing than conflict. Just make sure that only one is enabled for real-time / on-access scanning as this can cause conflict as they fight over who get’s to scan new / revised files first.
  3. Not sure why Graham is just getting around to writing this up today as the original article from Palo Alto Networks upon which it is based was published back in January. Although it's been several months since I checked, as I recall even the free Malwarebytes for Mac detects components that have already been installed, but that probably indicates the user has already been compromised.
  4. Not sure how this relates to www.weknow.ac or even Malwarebytes, so I've requested it be moved to start a new discussion, but I doubt you will find a solution here. Doesn't sound like any kind of malware that I have ever run across. Possibly a failing internal drive. Probably need to take it up with AppleCare or your nearest Apple Store / repair facility. You also might get some assistance on the Apple Community Support forum.
  5. First I would contact Dr. Web and Forcepoint ThreatSeeker and ask that they clear your site. Additional detection history can be found at <https://www.urlvoid.com/scan/dental-design-products.co.uk/>
  6. Sorry, that would be the "Malwarebytes updated to version 3.9.27". I want to know what the last "Protection updated to version..." indicates. Also, did you try clicking on the entry next to "Protection Update: " to see if it will give you an update and change to "Current" as shown?
  7. Check the Reports tab for the last entry for kind "Update". Mine shows version 4.0.424 from around 7 hours ago. Menu bar indicates last check was three minutes ago when I launched the app. Any difference if you click here:
  8. Trend Micro did get into a bit of trouble and had all of their apps tossed from the App Store for several months, but it was about their gathering and use of personal information, not kernel panics. But any anti-virus/anti-malware app you find on the Mac App Store can’t do an effective job of protecting you in any case as they are prevented from many things by App Store rules. Also, Trend Micro is not a Mac only developer. They try to sell software for every platform and situation, both business and personal, so much of what they have for Macs has been recently ported from existing software on other platforms. Intego is a Mac only developer, but not the only one. I think such apps have the advantage of being able to focus on only a single platform. Although Malwarebytes started out as Windows only, they bought Malwarebytes for Mac on board from a developer that was Mac only, so even though the code has been advanced, the principles behind it’s use are Mac focused. If you ask Apple Corporate directly, they will tell you they don’t recommend any specific Anti-Virus/Malware software, occasionally saying it’s unnecessary. What you experienced was the personal opinion of that technician, but it’s not an uncommon occurrence. It has an excellent reputation because it’s fast, doesn’t require excessive CPU or RAM use and is relatively trouble free. It’s not the only such Mac focused software available, but until valid comparative test results are made available, it’s impossible to pre-determine what’s best. So it’s basically up to users to make that determination for themselves.
  9. I'm a bit surprised to hear that as I've experimented by installing several other anti-malware products while having some form of 3rd party real-time process running without causing any issue, so would be interested to know what that other product was. I always recommend against having more than one real-time / on-access process running, but only because they tend to attempt to fight over which gets to scan first, slowing everything down unacceptably. I don't accept that the macOS security processes could be conflicted with. The built-in processes only check do their thing when you double-click the installer and will prevent it from actually running if there are any issues with it's signature or content. They don't monitor the installation itself. Real-Time protection has the advantage of catching currently known malware before it can be installed. If you rely solely on occasional scans, there is a good chance that installation will already have taken place and any malicious results have been implemented. If it's simple adware, that's just annoying, but if it were ransomware or spyware, you will already have been compromised.
  10. One Engine here detects malware: https://www.virustotal.com/gui/url/493ea005230a240382db924c87018af03ea87f0b0650bfa6e94b9839955cf6b1/detection.
  11. https://apps.apple.com/us/app/malwarebytes-mobile-security/id1327105431
  12. Hi Jim, of course I remember you. I still work unofficially with the ClamXAV crew, but their Forum I spend most of my time on wasn't being used by the few legacy users left, so it's gone now. My iMac is pretty much setup identically to yours, except it's newer and running Mojave at this time. There have only been two known Ransomware threats for Mac identified and both were short lived. KeRanger infected about 7,000 users by tricking people into downloading an infected Transmission BitTorrent client almost two years ago now. Here's the Malwarebytes blog about it: First Mac ransomware spotted. The second, discovered a few month later being distributed from pirate BitTorrent sites (note the pattern here) pretends to be a patcher of applications such as Adobe Premiere Pro or Microsoft office for Mac. Known variously as FileCoder, FindZip and Patcher here's a writeup from ESET who first identified it: New crypto‑ransomware hits macOS. So as far as threats are concerned, Macs apparently don't represent very lucrative targets. There have also been a bunch of fake infections, where you get a popup or e-mail threatening ransom, but those should be completely ignored. That's not to say somebody won't take up the challenge in the future, which is where something like RansomWhere? can be useful to prevent you from being patient zero in such an attack. Malware penetration of iOS is still rare, most, but not all, involving "jailbroken" devices. The latest non-jailbroke attack is described here: Unprecedented new iPhone malware discovered. Apple patched the vulnerabilities about ten days after notification back in February and has made an official statement alleging some aspects of Google reporting to be inaccurate & incomplete. It's also now been confirmed that Chinese Uighurs were the target, so very limited in scope. Great to hear from you. Mountain View is a great place to live, but envious of you being closer to the beach. I suspect Carmel (where I met and married my wife) would be my personal choice.
  13. I'm sure they need to take a look at it because it's a hidden file that is normally not found there, suspecting it could be related to some new malware or a new variant of previously known malware. I suspect they want you to use Terminal to do this because they prefer it to be password protected. This prevents any anti-malware software between you and their server from blocking it. Perhaps they will allow you to use Finder to compress it without a password just to see if it will go through. If you haven't done so already, just tell them you aren't comfortable using the instructions for using Terminal and see what they have to say.
  14. Note that @treed only recommended drag to trash for apps from the Mac App Store. For all others (including Malwarebytes) you will need to seek developer recommendations to prevent active processes from being left behind.
  15. I am not seeing where anybody mentioned anything about an iPhone here. Simply open up the Malwarebytes app on your iMac and make sure you have the latest version: If it doesn't say version: 3.9.27, then your Quarantine tab won't show the same as this:
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.